Lucene search
K

3112 matches found

cve
cve
added 2026/05/06 4:14 p.m.27 views

CVE-2026-20195

The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/06 4:14 p.m.32 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS0.00275EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.22 views

PT-2026-38302

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.21 Statamic versions prior to 6.15.0 Description Responses from the forgot password forms reveal whether an account exists for a specific email address. This allows an unauthenticated attacker to perform user...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References4
github
github
added 2026/05/05 10:2 p.m.10 views

AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Summary objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller including unauthenticated visitors, which defeats the admin-only guard...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/05 8:14 p.m.4 views

GHSA-MM2Q-QCMX-GW4W RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover

Summary ListServiceAccount GET /rustfs/admin/v3/list-service-accounts?user= authorizes cross-user requests against UpdateServiceAccountAdminAction instead of ListServiceAccountsAdminAction at rustfs/src/admin/handlers/serviceaccount.rs:936. The handler accepts the wrong admin action and rejects t...

8.7CVSS5.8AI score
Exploits0References2
github
github
added 2026/05/05 8:14 p.m.23 views

RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover

Summary ListServiceAccount GET /rustfs/admin/v3/list-service-accounts?user= authorizes cross-user requests against UpdateServiceAccountAdminAction instead of ListServiceAccountsAdminAction at rustfs/src/admin/handlers/serviceaccount.rs:936. The handler accepts the wrong admin action and rejects t...

5.8AI score
Exploits0References2Affected Software1
vulncheck_kev
vulncheck_kev
added 2026/04/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

7.3CVSS5.3AI score0.00648EPSS
In wildExploits1References2
redhatcve
redhatcve
added 2026/04/25 1:22 p.m.9 views

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/24 6:49 p.m.11 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/04/24 6:49 p.m.6 views

EUVD-2026-25612

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/24 6:49 p.m.29 views

CVE-2026-41418 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS0.00197EPSS
Exploits0References1
cve
cve
added 2026/04/24 6:49 p.m.10 views

CVE-2026-41418

4ga Boards prior to 3.3.5 is vulnerable to user enumeration via a timing side-channel on POST /api/access-tokens. Valid username/email with wrong password yields ~74 ms bcrypt.compareSync(), vs ~17 ms for invalid username/email, creating a ~4.4× timing difference. Root cause: timing variance in l...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
nvd
nvd
added 2026/04/24 12:17 p.m.4 views

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS0.00457EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/24 11:2 a.m.5 views

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References2
euvd
euvd
added 2026/04/24 11:2 a.m.6 views

EUVD-2026-25415

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/24 11:2 a.m.3 views

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References3
cve
cve
added 2026/04/24 11:2 a.m.12 views

CVE-2026-6043

CVE-2026-6043 pertains to P4 Server: versions prior to 2026.1 ship with insecure default configurations that, when exposed to untrusted networks, enable unauthenticated attackers to (1) create arbitrary user accounts, (2) enumerate existing users, (3) authenticate to accounts with no password, an...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/24 11:2 a.m.32 views

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS0.00457EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.6 views

PT-2026-35063

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description 4ga Boards is a boards system for realtime project management. The software allows user enumeration through a timing side-channel in the login endpoint '/api/access-tokens'. The server responds...

5.3CVSS5.2AI score0.00197EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.10 views

4ga Boards 安全漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder